Home > Microsoft Security > Ms12-027

Ms12-027

Contents

By searching using the security bulletin number (such as, "MS07-036"), you can add all of the applicable updates to your basket (including different languages for an update), and download to the How do I use this table? This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation Manage Your Profile | Flash Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | © 2016 Microsoft © 2016 Microsoft

Note You may have to install several security updates for a single vulnerability. Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. Security solutions for IT professionals: TechNet Security Troubleshooting and Support Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center Local support according to See Microsoft Knowledge Base Article 3144427 for more information.

Ms12-027

Newer versions such as the 2007 Microsoft Office system and Microsoft Office 2003 Service Pack 3 are not affected. Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! Bulletin IDBulletin Title and Executive SummaryMaximum Severity Rating and Vulnerability ImpactRestart RequirementAffected Software MS09-010 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) This security update resolves

V3.0 (November 2, 2009): Revised to announce the availability of a hotfix for MS09-054 to address application compatibility issues. For more information, see Microsoft Knowledge Base Article 3146706. For more information about how to deploy this security update using Windows Server Update Services, visit Windows Server Update Services. For more information, see Microsoft Knowledge Base Article 913086.

Detection and Deployment Guidance Microsoft has provided detection and deployment guidance for this month’s security updates. Cve-2012-0158 This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation and Canada can receive technical support from Security Support or 1-866-PCSAFETY. MS09-020 Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) CVE-2009-1535 1 - Consistent exploit code likelyPublic code is available for information disclosure.

For more information about how to contact Microsoft for support issues, visit International Help and Support. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) CVE-2009-2500 2 - Inconsistent exploit code likely(None) MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) CVE-2009-2501 2 - Inconsistent For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Cve-2012-0158

The next release of SMS, System Center Configuration Manager 2007, is now available; see also System Center Configuration Manager 2007. Executive Summaries The following table summarizes the security bulletins for this month in order of severity. Ms12-027 Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Updates for consumer platforms are available from Microsoft Update.

For more information about MBSA, visit Microsoft Baseline Security Analyzer. How do I use this table? See ASP.NET Ajax CDN Terms of Use – http://www.asp.net/ajaxlibrary/CDN.ashx. ]]> TechNet Products Products Windows Windows Server System Center Browser For details on affected software, see the next section, Affected Software and Download Locations.

We are aware of public exploits of these vulnerabilities. The vulnerabilities are listed in order of bulletin ID and CVE ID. For more information about available support options, see Microsoft Help and Support. Register now for the April Security Bulletin Webcast.

IT Pro Security Community Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community. Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

V1.1 (June 10, 2009): Corrected the rating and key notes for CVE-2009-1138 in the Exploitability Index.

Critical Remote Code Execution Requires restart --------- Microsoft Windows,Adobe Flash Player Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. With this in mind, we released eight security updates this month: 5 rated as Critical, 2 rated as Important, and one rated as Moderate.

Successful exploitation of this vulnerability requires an attacker and the user to perform a series of complex steps, which include saving specific files to the desktop. This bulletin spans more than one software category. You should review each software program or component listed to see whether any security updates pertain to your installation. Administrators can use the inventory capabilities of SMS in these cases to target updates to specific systems.

Please see the bulletin for additional information. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. Eiram of Secunia for reporting an issue described in MS09-062 Support The affected software listed have been tested to determine which versions are affected. Revisions V1.0 (April 10, 2012): Bulletin Summary published.

How do I use this table? International customers can receive support from their local Microsoft subsidiaries. To continue getting the latest updates for Microsoft Office products, use Microsoft Update. We appreciate your feedback.

The vulnerability could allow remote code execution if a user opens a specially crafted Works file. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In all cases, however, an attacker would have no way to force users to visit these websites. System Center Configuration Manager 2007 Configuration Manager 2007 Software Update Management simplifies the complex task of delivering and managing updates to IT systems across the enterprise.

Consumers can visit Security At Home, where this information is also available by clicking "Latest Security Updates". This functionality is built in to newer versions of Microsoft Office. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

For more information, see Microsoft Knowledge Base Article 913086. New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows. A rating of Critical has only been assigned to Microsoft Office Word 2000 Service Pack 3. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on For more information about MBSA, visit Microsoft Baseline Security Analyzer. Consumers can visit Security At Home, where this information is also available by clicking "Latest Security Updates".